Our PCs are infected and our website got compromised

We receive various spam emails every day.

Message from Hosting Provider

Hello,

We’ve observed outgoing emails that have known characteristics of a trojan infection on one or more of your PCs. The following email account(s) were used to send the email. Please scan the PC that uses this email address with an updated AV and malware scanner to ensure that the infection is removed. Log into cPanel to reset the email account password once the PC is scanned.

Please do not reuse the old password. The hacker has the old password; they have put it into a malicious program. This program will automatically try to abuse the account for quite some time. The hacker will also sell the compromised passwords in a list to other hackers. The recipients of this list will try to use the old password for months or even years to come.

Please scan the affected computers with one of the following anti-malware programs as they have been shown to clean recent strains of malware that resist detection by other programs.

MalwareBytes:
ComboFix:

Please scan the affected computers with one of the following anti-virus programs and maintain this program on all computers used to access the account.

Avast! Antivirus
AVG Anti-Virus:
Bitdefender:
ESET:
F-Secure:
Kaspersky:
Microsoft Security Essentials:
Spybot Search & Destroy:
SuperAntiSpyware:
Trend Micro:

If you are using an Apple we suggest using the following program.

ClamXav:

After the clean has completed, please change all affected account passwords to a strong password not previously used on the account.

Mail Log Parsed

User sent approximately 54,528 messages to 53,365 unique recipients.
There were 30 bounces on 27 unique addresses.

After I got this message I downloaded Avast Free Antivirus; would this help? I am a bit worried about our website because the hacker may access our confidential information. Also, we are sharing our hosting with our other websites, including this one; they share the public folder in our hosting. If I understood it right, if our other site is infected, it would also infect other folders, like the PCs, right?

I currently have this version on our PCs

http://oi60.tinypic.com/ohvjvp.jpg
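The "Mail Log Parsed" figures in the provider's message (messages sent, unique recipients, bounces) are what a host gets by attributing every outbound message in the MTA log to the SMTP AUTH account that submitted it. The script below is an added example, not code from this thread or from the hosting provider. It parses constructed log lines written in the style of Exim's mainlog (the MTA cPanel ships; the field layout, `<=` arrival with `A=authenticator:login`, `=>` delivery, `**` permanent failure, is assumed from Exim's documented format), tallies per-account counts, and produces the same two sentences the provider sent. Names, addresses and thresholds are invented for the example.

```python
"""Attribute outbound mail to the authenticated account that submitted it.

Added example (not from the forum thread). SAMPLE_LOG is constructed to
approximate Exim mainlog syntax:
  '<='  message arrived; A=<authenticator>:<login> names the SMTP AUTH account
  '=>'  message delivered to a recipient
  '**'  delivery permanently failed (a bounce)
"""
import re
from collections import defaultdict

# Constructed sample: sales@ is blasting mail and bouncing, info@ is normal.
SAMPLE_LOG = """\
2013-10-25 20:06:54 1VZaaa-0001aB-Cd <= sales@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:sales@example.com S=2091 for v1@example.net
2013-10-25 20:06:55 1VZaaa-0001aB-Cd => v1@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.7]
2013-10-25 20:06:55 1VZaaa-0001aB-Cd Completed
2013-10-25 20:06:56 1VZbbb-0001aC-Ef <= sales@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:sales@example.com S=2091 for v2@example.net
2013-10-25 20:06:57 1VZbbb-0001aC-Ef ** v2@example.net R=lookuphost T=remote_smtp: SMTP error from remote mail server: 550 No such user
2013-10-25 20:06:57 1VZbbb-0001aC-Ef Completed
2013-10-25 20:06:58 1VZccc-0001aD-Gh <= sales@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:sales@example.com S=2091 for v1@example.net
2013-10-25 20:06:59 1VZccc-0001aD-Gh => v1@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.7]
2013-10-25 20:06:59 1VZccc-0001aD-Gh Completed
2013-10-25 20:07:00 1VZddd-0001aE-Ij <= info@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:info@example.com S=1500 for partner@example.org
2013-10-25 20:07:01 1VZddd-0001aE-Ij => partner@example.org R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.9]
2013-10-25 20:07:01 1VZddd-0001aE-Ij Completed
2013-10-25 20:07:02 1VZeee-0001aF-Kl <= sales@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:sales@example.com S=2091 for v3@example.net
2013-10-25 20:07:03 1VZeee-0001aF-Kl ** v3@example.net R=lookuphost T=remote_smtp: SMTP error from remote mail server: 550 No such user
2013-10-25 20:07:03 1VZeee-0001aF-Kl Completed
2013-10-25 20:07:04 1VZfff-0001aG-Mn <= sales@example.com H=(localhost) [203.0.113.5] P=esmtpa A=dovecot_login:sales@example.com S=2091 for v2@example.net
2013-10-25 20:07:05 1VZfff-0001aG-Mn ** v2@example.net R=lookuphost T=remote_smtp: SMTP error from remote mail server: 550 No such user
2013-10-25 20:07:05 1VZfff-0001aG-Mn Completed
"""

# Arrival line: capture queue id, the AUTH login after "A=<authenticator>:", and
# the space-separated recipient list after " for ".
ARRIVAL_RE = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= \S+ .*?A=\S+?:(?P<account>\S+) .* for (?P<rcpts>.+)$"
)
# Delivery/bounce line: queue id, status token, recipient.
DELIVERY_RE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<status>=>|\*\*) (?P<rcpt>\S+)")


def summarize(log_text):
    """Return {account: {messages, unique_recipients, bounces, unique_bounced}}."""
    msg_account = {}  # queue id -> authenticated account that submitted it
    stats = defaultdict(lambda: {"messages": 0, "recipients": set(),
                                 "bounces": 0, "bounced": set()})
    for line in log_text.splitlines():
        m = ARRIVAL_RE.match(line)
        if m:
            acct = m.group("account")
            msg_account[m.group("id")] = acct
            stats[acct]["messages"] += 1
            stats[acct]["recipients"].update(m.group("rcpts").split())
            continue
        m = DELIVERY_RE.match(line)
        # Only count bounces for messages we attributed to an AUTH account.
        if m and m.group("status") == "**" and m.group("id") in msg_account:
            s = stats[msg_account[m.group("id")]]
            s["bounces"] += 1
            s["bounced"].add(m.group("rcpt"))
    return {
        acct: {
            "messages": s["messages"],
            "unique_recipients": len(s["recipients"]),
            "bounces": s["bounces"],
            "unique_bounced": len(s["bounced"]),
        }
        for acct, s in stats.items()
    }


def report(summary, account):
    """The two sentences in the provider's 'Mail Log Parsed' section."""
    s = summary[account]
    return (f"{account} sent {s['messages']} messages to "
            f"{s['unique_recipients']} unique recipients. There were "
            f"{s['bounces']} bounces on {s['unique_bounced']} unique addresses.")


def flagged_accounts(summary, max_unique_recipients):
    """Accounts whose recipient spread exceeds a (site-specific) threshold."""
    return sorted(a for a, s in summary.items()
                  if s["unique_recipients"] > max_unique_recipients)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for acct in flagged_accounts(summary, max_unique_recipients=2):
        print(report(summary, acct))
```

On a real server the same logic runs over `/var/log/exim_mainlog`; the threshold is whatever is abnormal for that account, and the attribution key is the AUTH login, not the From: header, because a stolen password is used with whatever sender address the spammer likes.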

Please scan the affected computers with one of the following anti-malware programs as they have been shown to clean recent strains of malware that resist detection by other programs.

MalwareBytes:
ComboFix:


Do not use ComboFix unless administered by an expert. A simple mistake while using the tool can render your machine unbootable. If you think your PC is infected, attach the logs in your next post as instructed here.

Regards,
Valinorum

@Valinorum Thank you. I downloaded Malwarebytes’ Anti-Malware right away after I received it. I was totally in panic because of the admin message. Malwarebytes’ Anti-Malware detected malware and I saved the log for it. I will be posting the logs here soon. I am not in the office right now because it’s the weekend.

Thanks

I await the logs. :slight_smile:

@Valinorum, hello. Good Morning. I have attached the two log files from MB. Thank you

Hey, please also attach the OTL and aswMBR logs from this guide.

http://forum.avast.com/index.php?topic=53253.0

valinorum will help you from there.

@valinorum welcome on board the avast forum and enjoy your training here.

@mikaelrask Thanks.
@Valinorum I have uploaded the required files, please see the attachment.
Thanks

@mikaelrask Thank you for the kind welcome to the forum. :slight_smile:
@lordzden Currently working on your fix and will post after an expert’s approval since I am still a trainee. Thank you for your patience.

Sure take your time. :slight_smile:

Hi lordzden, :slight_smile:

[*]Step #1 Fix with OTL
[*]Re-run OTL by right-clicking and choosing Run as administrator;
[*]Under the Custom Scans/Fixes box copy and paste the following contents inside the code box.

:Commands
[createrestorepoint]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\lucky leap\bin\utilluckyleap.exe -- (Util lucky leap)
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10065&did=10727&barid=261949220020737021092967479156009158002
IE - HKU\S-1-5-21-844436923-4234118608-2441230424-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10065&did=10727&barid=261949220020737021092967479156009158002
[2013/10/25 20:06:54 | 000,002,091 | ---- | M] () -- C:\Users\MYPCNAME\AppData\Roaming\Mozilla\Firefox\Profiles\fbsakf9p.default\searchplugins\sweetim.xml
O13 - gopher Prefix: missing
[2013/08/17 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\MYPCNAME\AppData\Roaming\uTorrent

:Commands
[emptytemp]
[resethosts]

[*]Click on “Run Fix” and let the program run unhindered;
[*]Your PC will reboot automatically and a log will be opened;
[*]Please attach it in your next reply.


[*]Step #2 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from the following link.
[*]Download Link #1
[*]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[*]A log will be opened automatically after the restart;
[*]Attach the log in your reply.


[*]Step #3 Fix with Junkware Removal Tool
[*]Download Junkware Removal Tool by thisisu to your Desktop from the link below.
[*]Download Link 1
[*]Download Link 2
[*]Disable your anti-virus to avoid potential conflicts. For more information please read this article;
[*]Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
[*]Please be patient as the tool cleans your system;
[*]After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
[*]Attach the log in your next reply.


[*]Step #4 Upload File(s) to VirusTotal
I want you to upload the following suspicious file(s) to an online virus scanner to scan.

[*]Please go to www.virustotal.com
[*]Click on Choose File;
[*]Go to C:\Windows\System32\shell32.dll;
[*]Click on Open;
[*]Click on Scan it;
[*]Copy and paste the link of the result page in your reply;

Follow the procedure for the following file(s) too:
C:\Windows\System32\user32.dll


[*]Required Log(s):
[*]OTL Fix Log;
[*]AdwCleaner Log;
[*]Junkware Removal Tool Log;
[*]VirusTotal Scan Link(s)

Regards,
Valinorum
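The `[resethosts]` command in the OTL fix above replaces the Windows hosts file with the default one, because adware and trojans commonly rewrite it to sinkhole security-vendor update domains or redirect search sites. The following is an added example, not part of the thread or of OTL: a small checker that parses hosts-file text and flags the two patterns a cleaner looks for before and after such a reset. The sample hosts content, the watched domains and the IP addresses are constructed for the example.

```python
"""Flag hijacked entries in a Windows hosts file.

Added example (not from the forum thread). Two patterns are reported:
  sinkholed  - a non-localhost name mapped to a loopback/unspecified address
               (blocks the site, typically AV update or vendor domains)
  redirected - a watched domain mapped to some other address
               (sends the browser to an attacker-controlled host)
Ordinary custom entries (e.g. an intranet host) are not flagged.
"""
import ipaddress

# Names that legitimately map to loopback in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: a default file plus three entries a trojan might add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.168.1.20    intranet.local      # legitimate admin entry
127.0.0.1       www.avast.com       # added by malware: blocks the vendor site
0.0.0.0         update.avast.com    # added by malware: blocks AV updates
203.0.113.10    www.google.com      # added by malware: redirect to attacker host
"""


def parse_hosts(text):
    """Return a list of (address, hostname) pairs, ignoring comments/blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # not a hosts line we understand
        for name in parts[1:]:
            entries.append((str(addr), name.lower()))
    return entries


def suspicious_entries(entries, watched_domains):
    """Return (address, hostname, reason) for entries that look hijacked."""
    findings = []
    for addr, name in entries:
        ip = ipaddress.ip_address(addr)
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((addr, name, "sinkholed"))
        elif any(name == d or name.endswith("." + d) for d in watched_domains):
            findings.append((addr, name, "redirected"))
    return findings


def check_hosts_text(text, watched_domains=("google.com", "avast.com")):
    """Parse and check in one call; returns the findings list."""
    return suspicious_entries(parse_hosts(text), watched_domains)


if __name__ == "__main__":
    for addr, name, reason in check_hosts_text(SAMPLE_HOSTS):
        print(f"{reason:10s} {name} -> {addr}")
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`; an empty findings list after `[resethosts]` is the expected result, and any sinkholed vendor domain that reappears later means the infection is still active.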

Thank you for this. I will post the required files the soonest. Have a good day!

Please, I would like to know whether the "Avast Free" antivirus also removes mysearch.sweetpacks.
I have Google Chrome, Mozilla Firefox and Internet Explorer on my computer.
I have run the antivirus but I am not certain that it has been removed.
IT IS VERY ANNOYING TO FIND THAT A MALICIOUS PROGRAM HAS BEEN INSTALLED AND NOT BE ABLE TO GET RID OF IT.

Will you reply to me here or at my email dbdalt@hotmail.com?
Many thanks

Hello Delia. Welcome to the forum.

This section is in English and the help given for removing malware is also in English. There is a Spanish section of the forum where I can give you some initial help: http://forum.avast.com/index.php?board=25.0